The increasing use of social media in Indonesia has significantly raised the risk of personal data breaches, particularly due to social engineering attacks that exploit human behavior. This study aims to analyze the influence of social engineering on data breaches among social media users, identify the most dominant attack patterns, and examine user behavioral vulnerabilities as the main contributing factor. The research employs a normative and descriptive qualitative method through literature review and analysis of relevant studies on cybersecurity and data protection. The findings reveal that phishing, pretexting, baiting, vishing, and smishing are the most common forms of social engineering attacks, targeting users’ psychological weaknesses such as trust, lack of awareness, and low digital literacy. The study also finds that human error plays a more significant role than technical system weaknesses in causing data breaches. Furthermore, inadequate cybersecurity awareness and preventive measures increase user vulnerability. The study concludes that mitigating data breaches requires not only technological safeguards but also strengthening digital literacy, enhancing user awareness, and fostering collaboration between government, platform providers, and society to create a more secure digital ecosystem.